
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 223 13-1450 
www.uspto.gov 



APPLICATION NO. 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


09/309,161 


05/10/1999 


LAWRENCE CUI 


OLAL 1006.002 


7164 



23910 7590 03/17/2004 

FLIESLER MEYER, LLP 
FOUR EMBARCADERO CENTER 
SUITE 400 

SAN FRANCISCO, CA 94111 



EXAMINER 



PAULA, CESAR B 



ART UNIT 



PAPER NUMBER 



2178 

DATE MAILED: 03/17/2004 



n 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 


Application No. 

09/309,161 


Applicant(s) / 

CUIETAL \ 


Examiner 

CESAR B PAULA 


Art Unit 

2178 





The MAILING DATE of this communication appears on the cover sheet with the correspondence address • 
Period for Reply 
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DETAILED ACTION 



1. This action is responsive to the response filed on 12/23/2003. 
This action is made Final. 

2. In the response, claims 1-14 are pending in the case. Claims 1-2, and 14 are independent 
claims. 



3. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 



4. Claim 1 recites "stripping off any cookies. . .. and storing the cookies in a repository " 
lines 4-5. There is insufficient information in the specification disclosure to support the storing 
of stripped cookies in the repository. 



Claim Rejections - 35 USC § 112 



5 . Claims 2- 1 3 recite "removing cookies . . . . and storing information contained in each 
cookie in a cookie repository " claim 2, lines 3-4. There is insufficient information in the 
specification disclosure to support the storing of removed cookies in the repository. 
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6. Claim 1 1 recites " storing the information from the cookie repository when the lifetime 
expires" line 2. There is insufficient information in the specification disclosure to support the 
storing of information from the cookie repository. 

7. Claim 14 recites "removing information from a document and storing that information in 
a repository " line 2. There is insufficient information in the specification disclosure to support 
the storing of removed cookies in the repository. 

Claim Rejections - 35 USC §103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. Claims 1-14 remain rejected under 35 U.S.C. 103(a) as being unpatentable over Wagner 
(Pat. # 6,085,224, 7/4/00, filed on 3/1 1/97), in view of McGee (Pat. # 6,393,468 Bl, 5/21/02, 
filed on 3/13/98). 

Regarding independent claim 1, Wagner discloses the deletion of cookies from web page 
headers (col. 2, lines 1-67, col.3, lines 1-67). Wagner fails to explicitly teach generating a 
session id to identify a new session. However, McGee discloses the generation of a user's session 
index or session id (col. 9, lines 14-21, col.10, lines 34-67, and colli, lines 56-67). It would 
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have been obvious to a person of ordinary skill in the art at the time of the invention to have 
generated the session id, and combine the teachings of Wagner, and McGee, because McGee 
teaches the closing of the browsing session if the time between server access exceeds a time-out 
period. Thus, the session id provides the benefit of saving server resources by avoiding tying up 
server resources unnecessarily, when a user has not access the server in a predetermined lengthy 
amount of time. 

Furthermore, Wagner discloses the deletion of cookies from web page headers sent to a 
user. The cookies are stored in a web server which introduces these cookies into the header of a 
requested web page (col. 2, lines 1-67, col. 3, lines 1-67). Wagner fails to explicitly teach 
appending the session id to all of the links embedded in the response page and sending the 
modified response page, with the new header. However, McGee discloses the appending of a 
user's session index or session id to all the URLs embedded in a web pages (col.lO,lines 34-67, 
col. 1 1, lines 56-67). It would have been obvious to a person of ordinary skill in the art at the time 
of the invention to have appended the session id to the links in the web page, and combine the 
teachings of Wagner, and McGee, because McGee discloses a system where only authorized 
users can access web pages (col.4, lines 43-67), so that the information would be safeguarded by 
providing it to valid users, and denying it to unauthorized users. 

Regarding independent claim 2, Wagner discloses the requesting, and browsing of web 
pages from a web server by a web browser (col. 2, lines 1-67, col.3, lines 1-67). Wagner fails to 
explicitly teach generating a unique session id in response to a request from a client browser. 
However, McGee discloses the generation of a user's session index or session id (col. 9, lines 14- 
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21, col. 10, lines 34-67, and col.l l 5 L.56-67). It would have been obvious to a person of ordinary 
skill in the art at the time of the invention to have generated the session id, and combine the 
teachings of Wagner, and McGee, because McGee teaches above the closing of the browsing 
session if the time between server access exceeds a time-out period. Thus, the session id 
provides the benefit of saving server resources by avoiding tying up server resources 
unnecessarily, when a user has not access the server in a predetermined lengthy amount of time. 

Furthermore, Wagner discloses the removal or deletion of cookies from web page 
response headers in a web page before it is sent to a user's browser. The cookies are stored in a 
web server which introduces these cookies into the header of a requested web page (col. 2, lines 
1-67, col.3, lines 1-67). Wagner fails to explicitly teach appending the unique session id to each 
URL in the response page before sending the response page to the client browser. However, 
McGee discloses the appending of a user's session index or session id to all the URLs embedded 
in a web pages (col,10,lines 34-67, col.l 1, lines 56-67). It would have been obvious to a person 
of ordinary skill in the art at the time of the invention to have appended the session id to the links 
in the web page, and combine the teachings of Wagner, and McGee, because McGee discloses a 
system where only authorized users can access web pages, so that the information would be 
safeguarded by providing it to valid users, and denying it to unauthorized users (col.4, lines 43- 
67). 



Regarding claim 3, which depends on claim 2, Wagner discloses determining whether a 
browser accepts cookies, and if does not deleting those cookies from the HTTP headers 
(col.2,lines 54-col.3,line 67). 
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Regarding claim 4, which depends on claim 2, Wagner discloses the access of web pages 
from a server by a client (col.8, lines 24-col. 9, line 39). Wagner fails to explicitly teach 
encrypting the session id However, McGee teaches the encrypting of a session index or session 
id, by masking it within a random 10 digit number (col.l 1, lines 56-coL12, line 12). It would 
have been obvious to a person of ordinary skill in the art at the time of the invention to have 
encrypted the session id, because McGee discloses a system where only authorized users can 
access web pages, so that the information would be safeguarded by providing it to valid users, 
and denying it to unauthorized users (col.4, lines 43-67). 

Regarding claim 5, which depends on claim 2, Wagner discloses determining whether a 
session has expired, and closing the session if it has expired (col.2,lines 54-col.3,line 67). 
Wagner fails to explicitly teach checking the request for an existing session id before generating 
a unique session id. It would have been obvious to a person of ordinary skill in the art at the time 
of the invention to have encrypted the session id, because Wagner teaches above the generation 
of a new session index or id to establish a new session. This provides the advantage of allowing a 
user to continue browsing after a session has been closed due to inactivity. 

Regarding claim 6, which depends on claim 5, Wagner discloses the retrieval of cookies 
from a server storage or repository (col.2, lines 31 -col. 3, line 67). Wagner fails to explicitly 
teach cookie repository corresponding to the existing session id. However, McGee discloses the 
generation of a user's session index or session id (col. 9, lines 14-21, col. 10, lines 34-67, and 
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col.l l,L.56-67). It would have been obvious to a person of ordinary skill in the art at the time of 
the invention to have generated the session id, and combine the teachings of Wagner, and 
McGee, because McGee teaches above the closing of the browsing session if the time between 
server access exceeds a time-out period. Thus, the session id provides the benefit of saving 
server resources by avoiding tying up server resources unnecessarily, when a user has not access 
the server in a predetermined lengthy amount of time. 

Regarding claim 7, which depends on claim 6, Wagner discloses generating a cookie 
header, and inserting cookies in the response web page (col. 2, lines 31-67). 

Regarding claim 8, which depends on claim 7, Wagner discloses generating a cookie 
header, and appending cookies in the header of the response web page (col. 2, lines 31-67). 

Regarding claim 9, which depends on claim 2, Wagner discloses the retrieval of web 
pages from an external server storage or repository (col.2, lines 31-col. 3, line 67). 

Regarding claim 10, which depends on claim 2, Wagner discloses the retrieval of cookies 
from a server storage or repository (col.2, lines 31-col. 3, line 67). Wagner fails to explicitly 
teach setting a lifetime for a session corresponding to the unique session id. However, McGee 
discloses setting a lifetime for the session index or id to prevent a user from exceeding a time-out 
period of inactivity (col. 8, lines 24-col.9, line 39). It would have been obvious to a person of 
ordinary skill in the art at the time of the invention to have generated the session id, and combine 
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the teachings of Wagner, and McGee, because McGee teaches above the closing of the browsing 
session if the time between server access exceeds a time-out period. Thus, the session id 
provides the benefit of saving server resources by avoiding tying up server resources 
unnecessarily, when a user has not access the server in a predetermined lengthy amount of time. 



Regarding claim 11, which depends on claim 10, Wagner discloses the removal or 
deletion of cookies from web page response headers in a web page before it is sent to a user's 
browser. The cookies are stored in a web server, which introduces these cookies into the header 
of a requested web page. The storage takes place during the web browsing session of the client's 
browser (col. 2, lines 1-67, col.3, lines 1-67). 

Regarding claim 12, which depends on claim 2, Wagner discloses determining whether a 
user has disabled cookies' reception in a browser, which is done through a function for deleting 
the cookies (col.2, lines 54-col.3, line 67). 



Regarding claim 13, which depends on claim 2, Wagner discloses the deletion of cookies 
from web page headers, and sending the modified web page to a user (c.2,L.54-c.3,L.67). 
Wagner fails to explicitly teach receiving the request from the client browser to a proxy server, 
the proxy server hosting the cookie repository. McGee teaches a web server HTML page store 
360 — proxy server — located within an Internet server 300 for transmitting requested web pages 
to a requesting user (col.6,lines 35-67, fig. 3). It would have been obvious to a person of ordinary 
skill in the art at the time of the invention to have stored the cookies in a proxy server repository, 
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and combine Wagner, and McGee, because McGee, because McGee discloses a system where 
only authorized users can access web pages, so that the information would be safeguarded by 
providing it to valid users, and denying it to unauthorized users (col.4, lines 43-67). 

Regarding independent claim 14, Wagner discloses the removal or deletion of cookies 
from web page response headers in a web page before it is sent to a user's browser. The cookies 
are stored in a web server which introduces these cookies into the header of a requested web 
page (col. 2, lines 1-67, col.3, lines 1-67). Wagner fails to explicitly teach appending an 
identifier to each link in the document and sending that document to the client. However, McGee 
discloses the appending of a user's session index or session id to all the URLs embedded in a 
web pages (col.lO,lines 34-67, col. 1 1, lines 56-67). It would have been obvious to a person of 
ordinary skill in the art at the time of the invention to have appended the session id to the links in 
the web page, and combine the teachings of Wagner, and McGee, because McGee discloses a 
system where only authorized users can access web pages, so that the information would be 
safeguarded by providing it to valid users, and denying it to unauthorized users (col.4, lines 43- 
67). 

Response to Arguments 
10. Applicants arguments filed 12/23/2003 have been fully considered but they are not 
persuasive. 

Regarding the 35 USC 1 12, 1 st paragraph rejections, the applicant has indicated that 
there is support for the limitation of storing cookies in a repository(page 4, L.8-1 1). The 
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examiner agrees that support for the storage of cookies in a repository is found in the 

specification. However, the stripping off cookies, and storing those cookies in a repository, is 

not found in the specification, because the specification recites the following: 

After getting the response page, the proxy server first strips off any cookies set by the 
external web site from the response header. The cookies, owned by a particular session 
and identified by the session id, are typically stored in a cookie repository for 
subsequent requests within the session (page 5, L.2-17). 

According to the specification above, the cookies being stored in the repository are the 
cookies, which are owned by a particular session and identified by the session id, and NOT the 
cookies set by the external web site. This also raises the question of which cookies are stored in 
the repository? the cookies which are owned by a particular session and identified by the 
session id, as indicated by the specification above, or the stripped off cookies referred to by 
claim 1 (lines 4-5). There is a contradiction between the specification, and the claims. 

The applicant states that Wagner does not teach the stripping cookies, and storing the 
cookies in a repository (page 4, L.22-26). The Examiner disagrees, because Wagner discloses 
the deletion of cookies from web page headers sent to a user. The cookies are normally stored in 
a web server which introduces cookies into the header of a requested web page (col. 2, lines 1- 
67, col. 3, lines 1-67). 

Moreover, the Applicants state that neither Wagner, nor McGee teach appending a 
session id to all the URLs embedded in a response page (page 5, lines 26-page 6, line 1 1). The 
Examiner disagrees, because McGee discloses the appending of a user's session index or session 
id to all the URLs embedded in a web pages (col.lO,lines 34-67, col. 1 1, lines 56-67). Each URL 
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is replaced with a token. The token consists of the URL, and other added or appended 
information such as the session index. 

In view of the remarks above, claims 1-14 remain rejected. 

Conclusion 

1 1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

I. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Cesar B. Paula whose telephone number is (703) 306-5543. The examiner 
can normally be reached on Monday through Friday from 8:00 a.m. to 4:00 p.m. (EST). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Heather Herndon, can be reached on (703) 308-5186. However, in such a case, please allow at 
least one business day. 
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Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the Group receptionist whose telephone number is (703) 305-3900. 
Any response to this Action should be mailed to: 

Director United States Patent and Trademark Office 

Washington, D.C. 20231 
Or faxed to: 

• (703) 703-872-9306, (for all Formal communications intended for entry) 

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal Drive, 
Arlington, VA, Sixth Floor (Receptionist). 



3/10/04 




STEPHENS. HONG 
PRIMARY EXAMINER 



